They also said "Mozilla doesn’t sell data about you (in the way that most people think about “selling data”)", and I'm struggling to fathom what they could possibly think that "most people" think selling data could mean other than "giving your data to someone else for compensation", which seems pretty much exactly what the California law says. Yes, it's embedded in some legalese, but surely Mozilla has lawyers?
I think they're trying to make the distinction between "we sell your searches and clicks attached to your personal id" and "we sell derivative aggregated information like we have a lot of users of X style to advertise to". But it's kinda hard to sift through exactly what they can and can't sell under this.
> If you sell the information how many customers you have and how many shoes you've sold last month, are you selling your customer's personal data?
To make that analogy fair for the scope of what Mozilla's doing, the shoe store would have to be selling data about what color shirts people are wearing when they visit the shoe store.
That is fair. But a more accurate analogy would be that the sales representative that goes to people house is reporting to the store what color people are wearing at home.
Firefox is installed on my computer, not on a VPS owned by Mozilla. I'm not browsing Mozilla website. Why are they entitled to record and share everything I do?
> (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
Most people would view a sale as Mozilla getting cash back for the data. But that "other valuable consideration" (which the AG declined to clarify or create a factor-based approach for deciding) makes Mozilla vulnerable to lawyers.
The same parasites that claimed that embedding a chatbot on your website violates the California wiretapping laws and have been extracting cash from sites will figure out a way to do the same to Mozilla. see the wave of CIPA chatbot lawsuits.
For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
> For instance, suppose Mozilla partners with a search engine and could be claimed to get a discount or some other consideration for letting that search partner use search terms to improve the search engine. Something that isn't advertising related at all. That's probably a sale under CPRA.
If a search engine partner wants to use search terms to improve their search engine, they only have to look at their own logs. They don't need Mozilla to collect, aggregate, and sell them any data to accomplish that. Mozilla doesn't need to worry about selling data if they never possess that data in the first place.
Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.
> Your complaint about "other valuable consideration" is just a complaint that the law isn't crippled by stupid loopholes.
That's not the law. The search engine partner using those logs is probably valuable consideration and hence a sale. Mozilla doesn't even need to keep the data; just an api passthrough will qualify.
> The search engine partner using those logs is probably valuable consideration and hence a sale.
It's not a sale when the search engine doesn't get those logs from Mozilla. When a user sends a search query to Google using a Mozilla browser, it's Google's privacy policy that applies, not Mozilla's.
> Mozilla doesn't even need to keep the data; just an api passthrough will qualify.
There is no API passthrough in this scenario. Search queries go to the search engine directly without being relayed through Mozilla servers. Anything that does hit Mozilla's servers is entirely optional and unrelated to the purpose of satisfying the user's request for search results.
You don't need to speculate about how this could all be due to innocent ordinary operation of a web browser when Mozilla has already disclosed that they're voluntarily tracking users in ways that are not necessary for the operation of a web browser.
Most people don't think about this stuff and are simply uninformed. Referring to what "most people think" is a cop-out from their side.
But I think the sense Mozilla are referring to is the more obvious and over-the-top things like selling your name, phone number, email, postal address, your Amazon purchasing history, or to ramp it up more, your passwords, your credit card info etc.
Just saying that you can stretch it pretty far with vague language like "we aren't doing [bad thing] in the sense that most people would understand [bad thing]".
Most people probably envision selling data akin to shady person trading usb stick in dark alley or hackers selling huge batches of stolen data, so that statement will be true almost by default
most people I speak to about this tend to imagine selling data to be like people cold calling you with scams, getting suspicious advertisements that happen to be about stuff you just happened to be saying in the other room (which actually happened), and stuff like that. in Mozilla's case I'm pretty sure it's whatever Pocket is, considering how difficult it is in Firefox to turn that garbage off